Securely exposing an accelerator to privileged system components

ABSTRACT

Various embodiments are generally directed to securing systems that include hardware accelerators, such as FPGA-based accelerators, and privileged system components. Some embodiments may provide a security broker. In various embodiments, the security broker may provide interfaces between the hardware accelerator and the privileged component. Some embodiments may receive an instruction from the hardware accelerator targeting the privileged component, and validate the instruction based on a configuration. In some embodiments, upon determining the instruction is not validated, the instruction is restricted from further processing.

CROSS-REFERENCE TO RELATED APPLICATIONS

This application is a continuation of, claims the benefit of andpriority to previously filed U.S. patent application Ser. No. 16/024,022filed Jun. 29, 2018, entitled “SECURELY EXPOSING AN ACCELERATOR TOPRIVILEGED SYSTEM COMPONENTS”, which is hereby incorporated by referencein its entirety.

TECHNICAL FIELD

Embodiments herein generally relate to securing systems which includeaccelerators, including but not limited to field-programmable gate array(FPGA) based accelerators.

BACKGROUND

FPGAs are semiconductor integrated circuits that can be configured aftermanufacturing. Generally, an FPGA includes an array of programmablelogic blocks connected via programmable interconnects. As such, FPGAscan be reprogrammed to desired requirements after manufacturing.

Recently, FPGAs and other hardware-based accelerators have made inroadsinto the cloud computing space. One emerging model is theFPGA-as-a-service model, in which a public cloud service provider makesone or more FPGAs available for use by third party users. In such clouddeployments, FPGAs may have access to privileged (or trusted) systemresources, such as processors, network interfaces, memory, and otherdevices. However, users of the public cloud may not be trusted, creatingsignificant security risks in the cloud platform. Therefore, securitymechanisms are needed to allow untrusted users to utilize cloud-basedFPGAs in a secure manner. Furthermore, any such security mechanismsshould be capable of validation and audit to ensure the overall securityof the cloud-based system.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 illustrates an embodiment of a system.

FIG. 2 illustrates an embodiment of a security broker.

FIGS. 3A, 3B, 3C, and 3D illustrate embodiments of a system.

FIGS. 4A, 4B, and 4C illustrate embodiments of securing a system.

FIG. 5 illustrates an embodiment of a first logic flow.

FIG. 6 illustrates an embodiment of a second logic flow.

FIG. 7 illustrates an embodiment of a third logic flow.

FIG. 8 illustrates an embodiment of a storage medium.

FIG. 9 illustrates an embodiment of a computing architecture.

FIG. 10 illustrates an embodiment of a communications architecture.

DETAILED DESCRIPTION

Various embodiments may generally be directed to securely exposing anaccelerator, such as an FPGA-based accelerator, to privileged systemcomponents, such as processors, memory, network connections, and storagedevices. When provided in a cloud computing environment, one or moreuntrusted third-parties may configure the FPGA-based accelerator toperform untrusted computing operations. However, doing so introducessignificant security risks. For example, an untrusted third-party maybypass conventional security mechanisms in the FPGA to access sensitivedata, corrupt the system, or otherwise engage in malicious activity.Advantageously, however, embodiments disclosed herein provide a securitybroker that manages transactions between an FPGA-based accelerator andprivileged system resources. Doing so enhances system security byrestricting operations performed by the FPGA-based accelerator (alsoreferred to herein as an “FPGA”, “FPGA accelerator”, or “hardwareaccelerator”). The use of FPGA-based accelerators as a reference exampleof a hardware accelerator herein should not be considered limiting ofthe disclosure, as the disclosure is equally applicable to other typesof hardware accelerators.

The security broker disclosed herein may be physically and/orarchitecturally separated from the FPGA in various configurations. Inembodiments, the security broker is not implemented in the FPGA fabric.In an embodiment, the security broker is implemented as a separateapplication specific integrated circuit (ASIC) in a multi-chip packagethat includes the FPGA. In an embodiment, the security broker isimplemented as an ASIC chip separate from the FPGA-based accelerator. Inan embodiment, the security broker is implemented as a second FPGA thatis separate from the FPGA fabric of the FPGA-based accelerator. In anembodiment, the security broker is implemented as a hard block on amonolithic FPGA die. By decoupling the security broker from the FPGAfabric, embodiments may optionally power down the FPGA fabric when theFPGA fabric is not in use while allowing the security broker to continueoperating.

The security broker further provides well-defined interfaces between theFPGA and privileged system components that can be validated as secure.The interfaces provided by the security broker expose the minimal set ofinterfaces and functionality to the FPGA, thereby limiting the amount ofaccess the FPGA has to the rest of the system. Example securityfunctions provided by the security broker interfaces include, withoutlimitation, protocol correctness validation, protocol responsesynthesis, memory address range permission checks, management ofprivileged interface bandwidth used by the FPGA, thermal management,power management, and network firewall filtering.

The security broker may further include software components. Thesoftware components may generally include software for reportingsecurity breaches and/or breach attempts, software for containingdetected security breaches, software for containing detected breachattempts, and software for generally managing the security broker. Forexample, the security broker software may return the system to knownsafe state by removing the untrusted FPGA configuration that caused asecurity breach (and/or attempted a security breach), and clearing anyrelevant containment features imposed by the security broker.Additionally and/or alternatively, the security broker software maygenerate an entry in a system log reflecting detected breaches and/orattempted breaches. Additionally and/or alternatively, the securitybroker may include software which reports security breaches andattempted security breaches to higher-level management software.Additionally and/or alternatively, the security broker software mayinclude event application programming interfaces (APIs) that aretriggered when the security broker identifies a breach and/or attemptedbreach. Such APIs may facilitate the implementation of higher-levelsecurity policies. Additionally and/or alternatively, the securitybroker software may cause the security broker to enter a containmentmode and cause the FPGA fabric to enter a lower power state (e.g., viaclock gating, power gating, etc.). Additionally and/or alternatively,the security broker software may cause the FPGA fabric to enter anactive state, clearing any relevant state applied by the security brokerand restoring the FPGA to a usable state.

With general reference to notations and nomenclature used herein, one ormore portions of the detailed description which follows may be presentedin terms of program procedures executed on a computer or network ofcomputers. These procedural descriptions and representations are used bythose skilled in the art to most effectively convey the substances oftheir work to others skilled in the art. A procedure is here, andgenerally, conceived to be a self-consistent sequence of operationsleading to a desired result. These operations are those requiringphysical manipulations of physical quantities. Usually, though notnecessarily, these quantities take the form of electrical, magnetic, oroptical signals capable of being stored, transferred, combined,compared, and otherwise manipulated. It proves convenient at times,principally for reasons of common usage, to refer to these signals asbits, values, elements, symbols, characters, terms, numbers, or thelike. It should be noted, however, that all of these and similar termsare to be associated with the appropriate physical quantities and aremerely convenient labels applied to those quantities.

Further, these manipulations are often referred to in terms, such asadding or comparing, which are commonly associated with mentaloperations performed by a human operator. However, no such capability ofa human operator is necessary, or desirable in most cases, in any of theoperations described herein that form part of one or more embodiments.Rather, these operations are machine operations. Useful machines forperforming operations of various embodiments include general purposedigital computers as selectively activated or configured by a computerprogram stored within that is written in accordance with the teachingsherein, and/or include apparatus specially constructed for the requiredpurpose. Various embodiments also relate to apparatus or systems forperforming these operations. These apparatuses may be speciallyconstructed for the required purpose or may include a general-purposecomputer. The required structure for a variety of these machines will beapparent from the description given.

Reference is now made to the drawings, wherein like reference numeralsare used to refer to like elements throughout. In the followingdescription, for purpose of explanation, numerous specific details areset forth in order to provide a thorough understanding thereof. It maybe evident, however, that the novel embodiments can be practiced withoutthese specific details. In other instances, well known structures anddevices are shown in block diagram form in order to facilitate adescription thereof. The intention is to cover all modification,equivalents, and alternatives within the scope of the claims.

FIG. 1 illustrates an embodiment of a computing system 100. Thecomputing system 100 is representative of any type of computing system,and includes one or more privileged components 101, a security broker102, and one or more FPGA accelerators 103. The privileged components101 are representative of any type of computing resource, such asprocessors (CPUs), memory, system baseboard management control (BMC),Peripheral Component Interconnect Express® (PCIe) devices (e.g., networkinterface cards, storage devices, graphics processors (GPUs)), power,thermal output, storage devices, an FPGA, and data. The security broker102 is logic, at least a portion of which is in hardware, that decouplesthe FPGA 103 from the privileged components 101. The FPGA 103 is anFPGA-based hardware accelerator. The FPGA 103 may be used for any typeof processing function, such as encryption, decryption, imageprocessing, networking functions, and the like. Because untrusted thirdparties can configure the FPGA 103 for custom processing, the FPGA 103is untrusted from the perspective of an owner and/or operator of thesystem 100. As previously stated, the FPGA 103 is representative of anytype of hardware accelerator.

In embodiments, the system 100 is part of a cloud computing environment,which provides ubiquitous access to shared pools of configurable systemresources and higher-level services that can be rapidly provisioned withminimal management effort. Therefore, any number of third-party usersaccessing the system 100 may use the FPGA 103. Although one FPGA 103 isdepicted in the system 100, the system 100 may include any number andtype of FPGAs 103. For example, a first third-party user may configureencryption functions on a first FPGA 103 provided by the cloud provider,while a second third-party user may configure signal processing on asecond FPGA 103 provided by the cloud provider. In such embodiments, thesecond FPGA 103 is a privileged component 102 relative to the first FPGA103. Similarly, the first FPGA 103 is a privileged component 102relative to the second FPGA 103. In some embodiments, two or morethird-party users may concurrently use different portions of the FPGA103. Therefore, as another example, the first third-party user mayconfigure encryption functions on a first portion of the first FPGA 103,while the second third-party user may configure signal processing on asecond portion of the FPGA 103. In such embodiments, the second portionof the FPGA 103 is a privileged component 102 relative to the firstportion of the FPGA 103. Similarly, the first portion of the FPGA 103 isa privileged component 102 relative to the second portion of the FPGA103.

An FPGA such as the FPGA 103 may have millions of configuration bits(not pictured) which control functions such as programmable routing,security, test scan chains, debug read-back features, and the like.Therefore, processing performed by FPGA 103 may introduce securityrisks. For example, a user of the FPGA 103 may modify the configurationbits of the FPGA 103 to bypass security features provided by the FPGA103. As another example, a user may configure the FPGA 103 tomaliciously access sensitive data stored in a privileged component 101(e.g., system memory, a CPU, etc.). Advantageously, however, thesecurity of the system 100 is enhanced by providing the security broker102 to decouple (illustrated by the dashed line in FIG. 1) the FPGA 103from the privileged system components 101.

Any number and type of implementation options are available to decouplethe FPGA 103 from the system 100. For example, the security broker 102may be a physically separate chiplet packaged together with a die thatincludes the FPGA 103. The chiplet may be a hardened chiplet and/or asoft chiplet. The hardened chiplet provides a defined interface to thephysically separated fabric of the FPGA 103. In another embodiment, thechiplet may be a soft chiplet implemented within an architecturallyseparated fabric of the FPGA 103. As another example, the securitybroker 102 may be on the same die as the FPGA 103 but is decoupled fromthe fabric used to implement the FPGA 103. As another example, thesecurity broker 102 may be implemented on a second FPGA (different thanthe FPGA 103). As still another example, the security broker 102 may beimplemented on an independent ASIC. As another example, the securitybroker 102 may be implemented as part of a BMC. Furthermore, thesecurity broker 102 may be implemented as a combination of components.One such combination includes a PCIe storage switch and an IntelVirtualization Technology for Directed I/O (VT-d) input-output memorymanagement unit (IOMMU), while another combination includes adistributed virtual network firewall.

Regardless of the specific implementation, the FPGA 103 must access theprivileged components 101 via the security broker 102. As shown in FIG.1, the system 100 includes a set of privileged interfaces 104 and a setof FPGA interfaces 105. The privileged interface 104 is representativeof one or more interfaces between the security broker 102 and theprivileged components 101. The FPGA interface 105 is representative ofone or more interfaces between the security broker 102 and the FPGA 103.The trusted interfaces 104 may be any type of interface, such as a PCIebus, system management bus (SMBUS), a network interface (e.g.,Ethernet®, Omni-Path, InfiniBand®, etc.), an Intel® QuickPathInterconnect (QPI), an Intel UltraPath Interconnect (UPI), a memoryinterface (e.g., DDR3, DDR4, RLDRAM, 3D XPoint, etc.). The FPGAinterfaces 105 may be any type of interface, such as a core cacheinterface (CCI-P), PCIe bus, SMBUS, network interface, QPI, UPI, memoryinterface, and the like.

To enhance the security of the system 100, the security broker 102validates instructions sent by the FPGA 103 (and/or instructions sent bythe privileged components 101 to the FPGA 103), and performs operationsto secure the system when invalid instructions are identified. Forexample, if the FPGA 103 attempts to access a memory address that isoutside the range of memory addresses the FPGA 103 is permitted toaccess, the security broker 102 may restrict the operation of the memoryaccess and clear the FPGA 103, thereby denying access to the memoryaddress and preserving system security. Similarly, if the FPGA 103 doesnot respond to a PCIe command within a predefined timeout threshold, thesecurity broker 102 may respond to the PCIe privileged component 101 onbehalf of the FPGA 103 to keep the system 100 in a stable state. Asanother example, a first portion of the FPGA 103 may attempt to access asecond portion of the FPGA 103. In such an example, the security broker102 may determine that the first portion of the FPGA 103 (and/or theassociated third-party entity) is restricted from accessing the secondportion of the FPGA 103, and restrict the attempted access by the firstportion of the FPGA 103 to the second portion of the FPGA 103.

FIG. 2 illustrates a more detailed view of components of the securitybroker 102 according to an embodiment. In the depicted embodiment, thesecurity broker 102 includes interfaces 201, a security component 202, aconfiguration 203, and a reporting component 204. The interfaces 201 arerepresentative of any type of interface, including at least theprivileged interfaces 104 and the FPGA interfaces 105 of FIG. 1. Thesecurity component 202 is logic configured to perform security functionswithin the system 100. The security component 202 may be implemented ashardware, software, and/or a combination thereof. The security component202 may perform any type of security function that ensures the FPGA 103is executing properly. For example, the security component 202 mayperform protocol correctness validation and/or protocol synthesis. Onesuch example includes detecting non-compliance with a given protocol(e.g., the PCIe protocol). If the FPGA 103 (and/or executing codethereon) issues one or more instructions that do not comply with theprotocol, the security component 202 may filter the non-compliantinstructions such that these instructions are not able to corrupt therest of the system 100 (e.g., the privileged components 101). As anotherexample, if the FPGA 103 does not respond to an instruction from aprivileged component 101 according to a corresponding protocol (e.g.,the PCIe completion timeout), the security component 202 may generateand transmit the appropriate response on behalf of the FPGA 103. Asanother example, the security component 202 may detect when the FPGA 103engages in PCIe Bus:Device:Function (BDF) spoofing, and secure thesystem 100 in response. Generally, spoofing involves specifying anincorrect PCIe BDF in generated instructions, which could lead tosecurity issues. Although PCIe is used as a reference example herein,the disclosure is equally applicable to other devices and/or protocols(e.g., Cache Coherent Interconnect for Accelerators (CCTV)), NVLink®,Gen-Z®, UltraPath Interconnect (UPI)).

The security component 202 may further provide host memory address rangepermission checks. For example, the security component 202 may include amemory management unit (MMU) which manages ranges of memory addressesthe FPGA 103 may access. If the FPGA 103 attempts to access a memoryaddress outside of the permitted range, the security component 202 mayrestrict access to the requested memory address. The security component202 may further implement private shared memory address range permissionchecking via the MMU, ensuring the FPGA 103 are limited to accessingspecified ranges of private shared memory, and excluding the FPGA 103from other ranges of the private shared memory. The security component202 may further provide bandwidth utilization allocation, tracking andthrottling via the interfaces 201. For example, the security component202 may limit the FPGA 103 to a 1 megabit/second bandwidth utilizationthreshold over a privileged interface 104. If, based on bandwidthmonitoring, the security component 202 determines that the FPGA 103exceeds the 1 megabit/s threshold over the privileged interface 104, thesecurity component 202 may throttle the bandwidth used by the FPGA 103over the privileged interface 104 to reduce the used bandwidth to belowthe threshold.

As another example, the security component 202 may provide thermaltracking and throttling. For example, malicious users may attempt todamage the system 100 by overheating the FPGA 103 via excessiveprocessing. The security component 202 may monitor the temperaturevalues provided by different temperature sensors in the system 100(e.g., temperature sensors on the security broker 102 die, proxytemperature sensors on the FPGA 103, etc.) to determine when a thermalthreshold limit is exceeded, and throttle the FPGA 103. The securitycomponent 202 may further provide power tracking and throttling toensure that the FPGA 103 does not exceed power thresholds. For example,the security component 202 may receive energy current use values from avoltage regulator of the system 100 (not pictured). If the receivedvalues exceed a corresponding energy current threshold, the securitycomponent 202 may throttle the FPGA 103 to lower energy consumptionbelow the threshold. As another example, the security component 202 mayapply network firewall filtering to data transmitted to or from the FPGA103. As yet another example, the security component 202 may performinterrupt remapping within the system 100 and/or throttle interruptsgenerated from the FPGA 103. As another example, the security component202 may apply virtual domain restrictions using Process Address Space ID(PASID) and/or BDF.

The configuration 203 is representative configuration parameters for thesecurity broker 102. Example configuration 203 parameters include,without limitation, rules, protocol requirements, known good systemstates, formatting requirements, bandwidth thresholds, instructionthresholds, timeout values, memory range permissions, permitteddestinations, power thresholds, thermal thresholds, applicable systemmanagement operations, and the like. Furthermore, the configuration 203may specify features that isolate two or more concurrent configurationsof the same FPGA 103 by different third parties in a cloud environment.For example, the configuration 203 may include features to ensure that afirst third-party configuration of a portion of a given FPGA 103 (e.g.,a portion configured by the first third party to perform encryptionoperations) is isolated from a second third-party configuration of adifferent portion of the same FPGA 103 (e.g., a portion configured bythe second third party to perform signal processing operations). Theconfiguration 203 may be implemented as hardware, software, or acombination thereof.

The reporting component 204 includes software and/or hardware formanaging the security broker 102, managing the FPGA 103, and reportingattempted and/or actual security breaches. For example, if the securitybroker 102 restricts the FPGA 103 from accessing a privileged component101, the reporting component 204 reference the configuration 103 todetermine a set of associated system management operations to restorethe system 100 to a secure operating state. For example, the reportingcomponent 204 may return the system 100 to a last known good state(e.g., using state information stored in the configuration 203), haltexecution of the FPGA 103, remove the FPGA 103 from the system 100 usingsoftware and/or hardware generated instructions, and clear anyadditional features applied by the security broker 102. Additionallyand/or alternatively, the reporting component 204 may create an entry ina log (not pictured) that reflects the detected security breach.

Additionally and/or alternatively, the reporting component 204 mayreport the security breach to other components of the system 100 (e.g.,management software). Additionally and/or alternatively, the reportingcomponent 204 may further include APIs that trigger when specific typesof security incidents are detected, allowing higher-level policies to bebuilt. Additionally and/or alternatively, the reporting component 204may trigger the security broker 102 into a containment mode and causethe FPGA 103 to enter a lower power state (e.g., by power gating, clockgating, etc.). Additionally and/or alternatively, the reportingcomponent 204 may cause the FPGA 103 fabric to enter an active state,clear the containment mode from the security broker 102, and restore theFPGA 103 to full usability.

FIG. 3A illustrates an embodiment of the system 100 including theprivileged components 101, the security broker 102, and the FPGA 103.The security broker 102 physically and architecturally separates theFPGA 103 from the privileged components 101. In FIG. 3A, the securitybroker 102 may be implemented as a hardened chiplet, a PCIe storageswitch with custom filtering firmware, and the like. In the depictedembodiment, the security broker 102 does not allow the FPGA 103 toinitiate transactions with the privileged components 101. Therefore, insuch embodiments, the FPGA 103 cannot act as a master, further enhancingsystem security. Instead, transactions are initiated by the privilegedcomponents 101, and the FPGA 103 is only permitted to respond to suchtransactions. For example, the security broker 102 may receive a requestfrom the CPU targeting the FPGA 103 via the interface 201-1, and forwardrequest to the FPGA 103 via the interface 201-2. The FPGA 103 may thengenerate a response to the request to complete the transaction. The FPGA103 may forward the response to the security broker 102 via, whichdetermines the response is valid. The security broker 102 may thenforward the response to the CPU. However, if the FPGA 103 initiates atransaction (e.g., as a PCIe master) targeting the CPU, the securitybroker 102 may filter (or drop) the request, and trigger the reportingcomponent 104 to perform additional security operations.

FIG. 3B depicts an embodiment of the system 100 including the privilegedcomponents 101, the security broker 102, and the FPGA 103. Morespecifically, FIG. 3B depicts an embodiment where the security broker102 includes an IOMMU 301 and PCIe storage switch 302. The IOMMU 301 maygenerally provide at least a portion of the memory management operationsdescribed above with reference to the security component 202. Forexample, if the FPGA 103 attempts to access a memory address, the IOMMU301 determines whether the FPGA 103 is permitted to access the memoryaddress. If the FPGA 103 is not permitted to access the memory address,the IOMMU 301 (and/or another designated component of the securitybroker 102) may block (or filter, or drop) the attempt to access thememory address. Otherwise, if the memory address is within a range ofpermitted addresses, the IOMMU 301 (and/or another designated componentof the security broker 102) may forward the request to access the memoryaddress. The IOMMU 301 may further provide interrupt remappingfunctions. The PCIe storage switch 302 may process PCIe transactions inthe system, ensuring that the FPGA 103 complies with the PCIe protocol,and detecting attempts by the FPGA 103 to falsify the PCIe BDFassociated with the FPGA 103. The PCIe storage switch 302 may furtherprovide PCIe endpoint containment, I/O virtual address filtering, andsynthesize PCIe responses on behalf of a non-responsive FPGA 103.

FIG. 3C depicts an embodiment of the system 100 including the privilegedcomponents 101, the security broker 102, and the FPGA 103. As shown, thesystem 100 in FIG. 3C further includes an FPGA package 321 and the IOMMU301. As stated above, the IOMMU performs memory range permissionvalidation and interrupt remapping. The FPGA package 321 includes anFPGA fabric die 322 and a security broker die 323 communicably coupledby an interface 201-4. A die, in the context of integrated circuits, isa block of semiconducting material on which a functional circuit isfabricated. Therefore, as shown, the FPGA fabric die 322 includes theFPGA 103, while the security broker die 323 includes the security broker102. In an embodiment, the interface 201-4 is a CCI-P interface. Thesecurity broker die 323 is connected to the IOMMU 301 via the interface201-3, which, in an embodiment, is a PCIe interface. The architecture ofthe security broker 102 includes the IOMMU 301, illustrated by thedashed box in FIG. 3C.

FIG. 3D depicts an embodiment of the system 100 configured to performnetworking functions. The system 100 of FIG. 3D includes a networkinterface card (NIC) 334 and a CPU 334 (e.g., a privileged component101). The NIC 334 includes the security broker 102, the FPGA 103, and anEthernet interface 332 (e.g., an Ethernet port). The security broker 102includes a hardware virtual switch (HW vSwitch) 333. In one embodiment,the HW vSwitch is an Open vSwitch®. The CPU 334 illustratively executesvSwitch software 335. Architecturally, the components of the securitybroker 102 include the HW vSwitch 333 and the vSwitch software 335,illustrated by the dashed line in FIG. 3D. As such, the security broker102 provides network firewall functionality. For example, if the FPGA103 attempts to access restricted network locations, the security broker102 may block the attempted access by the FPGA 103.

FIG. 4A illustrates an embodiment of securing the system 100. As shown,the FPGA 103 issues an instruction 401 to the security broker 102. Whilea single instruction 401 is depicted, the instruction 401 isrepresentative of any number and type of instructions and/or computingoperations. Once received, the security broker 102 analyzes theinstruction 401 to determine whether the instruction 401 is validrelative to the rules and constraints defined in the system 100 (e.g.,the configuration 203). For example, if the instruction 401 isrepresentative of a PCIe command, the security broker 102 determineswhether the instruction 401 conforms with the PCIe protocol and anyadditional requirements specified by the configuration 203.

FIG. 4B depicts an embodiment where the security broker 102 hasvalidated the instruction 401. Once validated, the security broker 102forwards the instruction 401 via one of the trusted interfaces to thetarget privileged component 101 for further processing.

FIG. 4C, however, depicts an embodiment where the security broker 102has determined that the instruction 401 is not valid. In FIG. 4C, thesecurity broker 102 may drop the instruction 401 (or otherwise preventforwarding and/or further processing of the instruction 401). Thesecurity broker 102 and/or the reporting component 204 may furthergenerate a security command 402 which is sent to the FPGA 103. Thesecurity command 402 may generally include any number of commandsconfigured to control the FPGA 103, e.g., by powering off the FPGA 103,removing the FPGA 103 from the system 100, halting further processing bythe FPGA 103, and so on. Furthermore, the reporting component 204 mayperform functions 403-405. Illustratively, reporting component 204 maycreate a log entry reflecting the invalid instruction 401 in a systemlog at block 403. The reporting component 204 may further generate andtransmit a notification reporting the invalid instruction 401 at block404. The notification may be transmitted to other system managementcomponents (e.g., the BMC). At block 405, the reporting component 204may trigger one or more APIs to facilitate further security featuresprovided by the system 100.

FIG. 5 illustrates an embodiment of a logic flow 500. The logic flow 500may be representative of some or all of the operations executed by oneor more embodiments described herein. Embodiments are not limited inthis context.

In the illustrated embodiment shown in FIG. 5, the logic flow 500 maybegin at block 510. At block 510 “receive, by security broker from FPGA,instruction targeting privileged component, the security brokerproviding interfaces between the FPGA component and one or moreprivileged components”, the security broker 102 may receive aninstruction from the FPGA 103 that targets a privileged component 101 ofthe system 100. For example, the instruction may specify to access datastored at a first memory address. However, the instruction may be anytype of instruction generated by the FPGA 103. At block 520 “validateinstruction by security broker based on configuration,” the securitybroker 102 attempts to validate the instruction received at block 510based on the configuration 203. For example, the security broker 102 maydetermine whether the first memory address is within a range of memoryaddresses the FPGA 103 is permitted to access.

At block 530, “upon determining instruction is valid, forwardinstruction to target privileged component for further processing”, thesecurity broker 102 validates the instruction and forwards theinstruction to the target privileged component 101 for furtherprocessing. For example, the security broker 102 may determine at block530 that the first memory address is within a range of memory addressesthe FPGA 103 is permitted to access. Therefore, the security broker 102may forward the instruction to the target memory device in the system100, where the data at the first memory address can be read and returnedto the FPGA 103.

At block 540, “upon determining instruction is not validated, restrictinstruction and optionally perform operation to secure system”, thesecurity broker 102 determines the instruction was not validated atblock 520 (e.g., is an invalid instruction), restricts the instruction,and optionally performs an operation to secure the system 100. Forexample, if security broker 102 determines that the first memory addressis not within the range of memory addresses the FPGA 103 is permitted toaccess, the security broker 102 may drop, filter, or otherwise restrictthe instruction. Doing so prevents further processing of the instructionwithin the system 100, and ensures that the FPGA 103 does not receivethe data at the first memory address. The security broker 102 mayoptionally perform additional operations in response to the invalidatedinstruction, such as powering off the FPGA 103, clearing the FPGA 103,alerting an administrator, etc.

FIG. 6 illustrates an embodiment of a logic flow 600. The logic flow 600may be representative of some or all of the operations executed by oneor more embodiments described herein. For example, the security broker102 may implement one or more of the operations described in the logicflow 600. Embodiments are not limited in this context.

In the illustrated embodiment shown in FIG. 6, the logic flow 600 maybegin at block 610. At block 610 “determine instruction type andassociated functions in configuration”, the security broker 102determines a type of instruction received from the FPGA 103 (and/or aprivileged component 101) by analyzing the instruction, and determinesany associated functions in the configuration 203. For example, thememory instruction received at block 510 may be associated with memorymanagement functions (e.g., memory permissions checks) in theconfiguration 203. However, any number and types of functions,protocols, thresholds, and operations may be specified in theconfiguration 203.

At block 620 “perform protocol validation on instruction”, the securitybroker 102 optionally performs protocol validation on an instruction todetermine whether the instruction complies with a correspondingprotocol. If the instruction does not comply with the protocol, thesecurity broker 102 may determine that the instruction is invalid. Ifthe instruction complies with the protocol, the security broker mayvalidate the instruction. At block 630 “perform memory address rangepermission check on instruction” the security broker 102 optionallyperforms memory address range permission checks on an instructionspecifying to access a memory address to determine whether the FPGA 103is permitted to access the memory address. Doing so allows the securitybroker 102 to validate the instruction (if within the permitted range ofmemory addresses) or invalidate the instruction (if not within thepermitted range of memory addresses).

At block 640 “implement privileged interface bandwidth utilizationallocation, tracking, and/or throttling”, the security broker 102optionally implements bandwidth utilization, tracking, and throttling onthe privileged interfaces 104 (and/or the interfaces 105) by the FPGA103. For example, the FPGA 103 may be allocated a threshold amount ofbandwidth over the privileged interfaces 104. The security broker 102may monitor the amount of bandwidth used by the FPGA 103 over theprivileged interfaces. Upon determining the used bandwidth exceeds thethreshold, the security broker 102 may throttle the FPGA 103 to reducethe amount of used bandwidth, such that the amount of used bandwidth islower than the threshold.

At block 650 “perform thermal and/or power monitoring and throttling”,the security broker 102 performs monitoring of the amount of thermalenergy generated by the FPGA 103 and/or power used by the FPGA 103. Ifthe amount of thermal energy generated by the FPGA 103 exceeds a thermalenergy threshold, the security broker 102 may operate to reduce theamount of thermal energy generated by the FPGA 103 (e.g., throttling theFPGA 103, powering off the FPGA 103, etc.). Additionally and/oralternatively, if the amount of energy used by the FPGA 103 exceeds apower threshold, the security broker 102 may perform an operation toreduce the amount of energy used by the FPGA 103 (e.g., throttling theFPGA 103, powering off the FPGA 103, etc.). At block 660 “performnetwork firewall filtering”, the security broker 102 optionally performsnetwork firewall filtering to limit network destinations that the FPGA103 can access (e.g., based on a routing table specifying permitted andrestricted network addresses).

FIG. 7 illustrates an embodiment of a logic flow 700. The logic flow 700may be representative of some or all of the operations executed by oneor more embodiments described herein. For example, the security broker102 may implement one or more of the operations described in the logicflow 700. Embodiments are not limited in this context.

In the illustrated embodiment shown in FIG. 7, the logic flow 500 maybegin at block 710. At block 710 “restore system to known good state byresetting and/or removing FPGA configuration that issued invalidinstruction”, the security broker 102 restores the system 100 to a knowngood state by removing the FPGA 103 configuration that issued an invalidinstruction, e.g., by resetting the FPGA 103 and/or clearing the currentconfiguration of at least a portion of the FPGA 103. At block 720“create an entry describing invalid instruction in system log”, thesecurity broker 102 optionally creates an entry in a system logdescribing an invalid instruction. The entry in the system log mayspecify indications of the user of the FPGA 103, the invalidinstruction, a reason why the instruction was invalidated, a targetprivileged component 101, and any other attribute of the invalidinstruction.

At block 730, “generate and transmit notification describing invalidinstruction”, the security broker 102 generates and transmits anotification (e.g., to the BMC, a system management component, etc.)describing the invalid instruction. At block 740 “trigger APIs to reportinvalid instruction to other system components”, the security broker 102triggers one or more APIs which report the invalid instruction to othersystem components as described in greater detail above. At block 750“operate security broker in containment mode and cause the FPGA to enterlower power state”, the security broker 102 enters containment mode thatrestricts the FPGA 103 from performing any functions, and causes theFPGA 103 to enter a lower power state (e.g., when the FPGA 103 attemptsto perform an invalid operation). At block 760 “cause FPGA to enteractive state, clear containment mode, and restore FPGA to usable state”,the security broker 102 clears the containment mode, causes the FPGA 103to enter an active state, thereby restoring the FPGA 103 from thecontainment mode and other restrictions applied at block 750.

FIG. 8 illustrates an embodiment of a storage medium 800. Storage medium800 may comprise any non-transitory computer-readable storage medium ormachine-readable storage medium, such as an optical, magnetic orsemiconductor storage medium. In various embodiments, storage medium 800may comprise an article of manufacture. In some embodiments, storagemedium 800 may store computer-executable instructions, such ascomputer-executable instructions to implement one or more of logic flowsor operations described herein, such as with respect to 500, 600, and700 of FIGS. 5-7. Examples of a computer-readable storage medium ormachine-readable storage medium may include any tangible media capableof storing electronic data, including volatile memory or non-volatilememory, removable or non-removable memory, erasable or non-erasablememory, writeable or re-writeable memory, and so forth. Examples ofcomputer-executable instructions may include any suitable type of code,such as source code, compiled code, interpreted code, executable code,static code, dynamic code, object-oriented code, visual code, and thelike. The embodiments are not limited in this context.

FIG. 9 illustrates an embodiment of an exemplary computing architecture900 that may be suitable for implementing various embodiments aspreviously described. In various embodiments, the computing architecture900 may comprise or be implemented as part of an electronic device. Insome embodiments, the computing architecture 900 may be representative,for example, of a server that implements one or more components of thesystem 100. In some embodiments, computing architecture 900 may berepresentative, for example, of the privileged components 101, securitybroker 102, and FPGA 103 of the system 100. The embodiments are notlimited in this context. More generally, the computing architecture 900is configured to implement all logic, systems, methods, apparatuses, andfunctionality described herein with reference to FIGS. 1-8.

As used in this application, the terms “system” and “component” and“module” are intended to refer to a computer-related entity, eitherhardware, a combination of hardware and software, software, or softwarein execution, examples of which are provided by the exemplary computingarchitecture 900. For example, a component can be, but is not limited tobeing, a process running on a processor, a processor, a hard disk drive,multiple storage drives (of optical and/or magnetic storage medium), anobject, an executable, a thread of execution, a program, and/or acomputer. By way of illustration, both an application running on aserver and the server can be a component. One or more components canreside within a process and/or thread of execution, and a component canbe localized on one computer and/or distributed between two or morecomputers. Further, components may be communicatively coupled to eachother by various types of communications media to coordinate operations.The coordination may involve the uni-directional or bi-directionalexchange of information. For instance, the components may communicateinformation in the form of signals communicated over the communicationsmedia. The information can be implemented as signals allocated tovarious signal lines. In such allocations, each message is a signal.Further embodiments, however, may alternatively employ data messages.Such data messages may be sent across various connections. Exemplaryconnections include parallel interfaces, serial interfaces, and businterfaces.

The computing architecture 900 includes various common computingelements, such as one or more processors, multi-core processors,co-processors, memory units, chipsets, controllers, peripherals,interfaces, oscillators, timing devices, video cards, audio cards,multimedia input/output (I/O) components, power supplies, and so forth.The embodiments, however, are not limited to implementation by thecomputing architecture 900.

As shown in FIG. 9, the computing architecture 900 comprises aprocessing unit 904, a system memory 906 and a system bus 908. Theprocessing unit 904 can be any of various commercially availableprocessors, including without limitation an AMD® Athlon®, Duron® andOpteron® processors; ARM® application, embedded and secure processors;IBM® and Motorola® DragonBall® and PowerPC® processors; IBM and Sony®Cell processors; Intel® Celeron®, Core®, Core (2) Duo®, Itanium®,Pentium®, Xeon®, and XScale® processors; and similar processors. Dualmicroprocessors, multi-core processors, and other multi processorarchitectures may also be employed as the processing unit 904.

The system bus 908 provides an interface for system componentsincluding, but not limited to, the system memory 906 to the processingunit 904. The system bus 908 can be any of several types of busstructure that may further interconnect to a memory bus (with or withouta memory controller), a peripheral bus, and a local bus using any of avariety of commercially available bus architectures. Interface adaptersmay connect to the system bus 908 via a slot architecture. Example slotarchitectures may include without limitation Accelerated Graphics Port(AGP), Card Bus, (Extended) Industry Standard Architecture ((E)ISA),Micro Channel Architecture (MCA), NuBus, Peripheral ComponentInterconnect (Extended) (PCI(X)), PCI Express, Personal Computer MemoryCard International Association (PCMCIA), and the like.

The system memory 906 may include various types of computer-readablestorage media in the form of one or more higher speed memory units, suchas read-only memory (ROM), random-access memory (RAM), dynamic RAM(DRAM), Double-Data-Rate DRAM (DDRAM), synchronous DRAM (SDRAM), staticRAM (SRAM), programmable ROM (PROM), erasable programmable ROM (EPROM),electrically erasable programmable ROM (EEPROM), flash memory (e.g., oneor more flash arrays), polymer memory such as ferroelectric polymermemory, ovonic memory, phase change or ferroelectric memory,silicon-oxide-nitride-oxide-silicon (SONOS) memory, magnetic or opticalcards, an array of devices such as Redundant Array of Independent Disks(RAID) drives, solid state memory devices (e.g., USB memory, solid statedrives (SSD) and any other type of storage media suitable for storinginformation. In the illustrated embodiment shown in FIG. 9, the systemmemory 906 can include non-volatile memory 910 and/or volatile memory912. A basic input/output system (BIOS) can be stored in thenon-volatile memory 910.

The computer 902 may include various types of computer-readable storagemedia in the form of one or more lower speed memory units, including aninternal (or external) hard disk drive (HDD) 914, a magnetic floppy diskdrive (FDD) 916 to read from or write to a removable magnetic disk 918,and an optical disk drive 920 to read from or write to a removableoptical disk 922 (e.g., a CD-ROM or DVD). The HDD 914, FDD 916 andoptical disk drive 920 can be connected to the system bus 908 by a HDDinterface 924, an FDD interface 926 and an optical drive interface 928,respectively. The HDD interface 924 for external drive implementationscan include at least one or both of Universal Serial Bus (USB) and IEEE994 interface technologies. The computer 902 includes the securitybroker 102 and the FGPA 103 hardware accelerator, each described ingreater detail above. The computer 902 is generally is configured toimplement all logic, systems, methods, apparatuses, and functionalitydescribed herein with reference to FIGS. 1-8.

The drives and associated computer-readable media provide volatileand/or nonvolatile storage of data, data structures, computer-executableinstructions, and so forth. For example, a number of program modules canbe stored in the drives and memory units 910, 912, including anoperating system 930, one or more application programs 932, otherprogram modules 934, and program data 936. In one embodiment, the one ormore application programs 932, other program modules 934, and programdata 936 can include, for example, the various applications and/orcomponents of the system 100.

A user can enter commands and information into the computer 902 throughone or more wire/wireless input devices, for example, a keyboard 938 anda pointing device, such as a mouse 940. Other input devices may includemicrophones, infra-red (IR) remote controls, radio-frequency (RF) remotecontrols, game pads, stylus pens, card readers, dongles, finger printreaders, gloves, graphics tablets, joysticks, keyboards, retina readers,touch screens (e.g., capacitive, resistive, etc.), trackballs,trackpads, sensors, styluses, and the like. These and other inputdevices are often connected to the processing unit 904 through an inputdevice interface 942 that is coupled to the system bus 908, but can beconnected by other interfaces such as a parallel port, IEEE 994 serialport, a game port, a USB port, an IR interface, and so forth.

A monitor 944 or other type of display device is also connected to thesystem bus 908 via an interface, such as a video adaptor 946. Themonitor 944 may be internal or external to the computer 902. In additionto the monitor 944, a computer typically includes other peripheraloutput devices, such as speakers, printers, and so forth.

The computer 902 may operate in a networked environment using logicalconnections via wire and/or wireless communications to one or moreremote computers, such as a remote computer 948. The remote computer 948can be a workstation, a server computer, a router, a personal computer,portable computer, microprocessor-based entertainment appliance, a peerdevice or other common network node, and typically includes many or allof the elements described relative to the computer 902, although, forpurposes of brevity, only a memory/storage device 950 is illustrated.The logical connections depicted include wire/wireless connectivity to alocal area network (LAN) 952 and/or larger networks, for example, a widearea network (WAN) 954. Such LAN and WAN networking environments arecommonplace in offices and companies, and facilitate enterprise-widecomputer networks, such as intranets, all of which may connect to aglobal communications network, for example, the Internet.

When used in a LAN networking environment, the computer 902 is connectedto the LAN 952 through a wire and/or wireless communication networkinterface or adaptor 956. The adaptor 956 can facilitate wire and/orwireless communications to the LAN 952, which may also include awireless access point disposed thereon for communicating with thewireless functionality of the adaptor 956.

When used in a WAN networking environment, the computer 902 can includea modem 958, or is connected to a communications server on the WAN 954,or has other means for establishing communications over the WAN 954,such as by way of the Internet. The modem 958, which can be internal orexternal and a wire and/or wireless device, connects to the system bus908 via the input device interface 942. In a networked environment,program modules depicted relative to the computer 902, or portionsthereof, can be stored in the remote memory/storage device 950. It willbe appreciated that the network connections shown are exemplary andother means of establishing a communications link between the computerscan be used.

The computer 902 is operable to communicate with wire and wirelessdevices or entities using the IEEE 802 family of standards, such aswireless devices operatively disposed in wireless communication (e.g.,IEEE 802.16 over-the-air modulation techniques). This includes at leastWi-Fi (or Wireless Fidelity), WiMax, and Bluetooth™ wirelesstechnologies, among others. Thus, the communication can be a predefinedstructure as with a conventional network or simply an ad hoccommunication between at least two devices. Wi-Fi networks use radiotechnologies called IEEE 802.11x (a, b, g, n, etc.) to provide secure,reliable, fast wireless connectivity. A Wi-Fi network can be used toconnect computers to each other, to the Internet, and to wire networks(which use IEEE 802.3-related media and functions).

FIG. 10 illustrates an embodiment of a communications architecture 1000suitable for implementing various embodiments as previously described.The communications architecture 1000 includes various commoncommunications elements, such as a transmitter, receiver, transceiver,radio, network interface, baseband processor, antenna, amplifiers,filters, power supplies, and so forth. The embodiments, however, are notlimited to implementation by the communications architecture 1000.

As shown in FIG. 10, the communications architecture 1000 comprisesincludes one or more clients 1002 and servers 1004. The clients 1002 andthe servers 1004 are operatively connected to one or more respectiveclient data stores 1008 and server data stores 1010 that can be employedto store information local to the respective clients 1002 and servers1004, such as cookies and/or associated contextual information. Invarious embodiments, any one of servers 1004 may implement one or moreof logic flows or operations described herein, and storage medium 800 ofFIG. 8 in conjunction with storage of data received from any one ofclients 1002 on any of server data stores 1010.

The clients 1002 and the servers 1004 may communicate informationbetween each other using a communication framework 1006. Thecommunications framework 1006 may implement any well-knowncommunications techniques and protocols. The communications framework1006 may be implemented as a packet-switched network (e.g., publicnetworks such as the Internet, private networks such as an enterpriseintranet, and so forth), a circuit-switched network (e.g., the publicswitched telephone network), or a combination of a packet-switchednetwork and a circuit-switched network (with suitable gateways andtranslators).

The communications framework 1006 may implement various networkinterfaces arranged to accept, communicate, and connect to acommunications network. A network interface may be regarded as aspecialized form of an input output interface. Network interfaces mayemploy connection protocols including without limitation direct connect,Ethernet (e.g., thick, thin, twisted pair 10/100/1000 Base T, and thelike), token ring, wireless network interfaces, cellular networkinterfaces, IEEE 802.11a-x network interfaces, IEEE 802.16 networkinterfaces, IEEE 802.20 network interfaces, and the like. Further,multiple network interfaces may be used to engage with variouscommunications network types. For example, multiple network interfacesmay be employed to allow for the communication over broadcast,multicast, and unicast networks. Should processing requirements dictatea greater amount speed and capacity, distributed network controllerarchitectures may similarly be employed to pool, load balance, andotherwise increase the communicative bandwidth required by clients 1002and the servers 1004. A communications network may be any one and thecombination of wired and/or wireless networks including withoutlimitation a direct interconnection, a secured custom connection, aprivate network (e.g., an enterprise intranet), a public network (e.g.,the Internet), a Personal Area Network (PAN), a Local Area Network(LAN), a Metropolitan Area Network (MAN), an Operating Missions as Nodeson the Internet (OMNI), a Wide Area Network (WAN), a wireless network, acellular network, and other communications networks.

Various embodiments may be implemented using hardware elements, softwareelements, or a combination of both. Examples of hardware elements mayinclude processors, microprocessors, circuits, circuit elements (e.g.,transistors, resistors, capacitors, inductors, and so forth), integratedcircuits, application specific integrated circuits (ASIC), programmablelogic devices (PLD), digital signal processors (DSP), field programmablegate array (FPGA), logic gates, registers, semiconductor device, chips,microchips, chip sets, and so forth. Examples of software may includesoftware components, programs, applications, computer programs,application programs, system programs, machine programs, operatingsystem software, middleware, firmware, software modules, routines,subroutines, functions, methods, procedures, software interfaces,application program interfaces (API), instruction sets, computing code,computer code, code segments, computer code segments, words, values,symbols, or any combination thereof. Determining whether an embodimentis implemented using hardware elements and/or software elements may varyin accordance with any number of factors, such as desired computationalrate, power levels, heat tolerances, processing cycle budget, input datarates, output data rates, memory resources, data bus speeds and otherdesign or performance constraints.

One or more aspects of at least one embodiment may be implemented byrepresentative instructions stored on a machine-readable medium whichrepresents various logic within the processor, which when read by amachine causes the machine to fabricate logic to perform the techniquesdescribed herein. Such representations, known as “IP cores” may bestored on a tangible, machine readable medium and supplied to variouscustomers or manufacturing facilities to load into the fabricationmachines that actually make the logic or processor. Some embodiments maybe implemented, for example, using a machine-readable medium or articlewhich may store an instruction or a set of instructions that, ifexecuted by a machine, may cause the machine to perform a method and/oroperations in accordance with the embodiments. Such a machine mayinclude, for example, any suitable processing platform, computingplatform, computing device, processing device, computing system,processing system, computer, processor, or the like, and may beimplemented using any suitable combination of hardware and/or software.The machine-readable medium or article may include, for example, anysuitable type of memory unit, memory device, memory article, memorymedium, storage device, storage article, storage medium and/or storageunit, for example, memory, removable or non-removable media, erasable ornon-erasable media, writeable or re-writeable media, digital or analogmedia, hard disk, floppy disk, Compact Disk Read Only Memory (CD-ROM),Compact Disk Recordable (CD-R), Compact Disk Rewriteable (CD-RW),optical disk, magnetic media, magneto-optical media, removable memorycards or disks, various types of Digital Versatile Disk (DVD), a tape, acassette, or the like. The instructions may include any suitable type ofcode, such as source code, compiled code, interpreted code, executablecode, static code, dynamic code, encrypted code, and the like,implemented using any suitable high-level, low-level, object-oriented,visual, compiled and/or interpreted programming language.

The following examples pertain to further embodiments, from whichnumerous permutations and configurations will be apparent.

Example 1 is an apparatus comprising: a privileged component; a hardwareaccelerator; and a security broker, at least a portion of which is inhardware decoupled from the hardware accelerator, configured to: provideinterfaces between the hardware accelerator and the privilegedcomponent; receive an instruction from the hardware acceleratortargeting the privileged component; validate the instruction based on aconfiguration; and upon determining the instruction is not validated,restrict the instruction from further processing.

Example 2 includes the subject matter of Example 1, the security brokerconfigured to validate the instruction by one or more of: a protocolvalidation operation performed on the instruction; a network addresspermission check performed on the instruction; a memory address rangepermission check performed on the instruction; a monitoring of abandwidth used by the hardware accelerator on one of the interfaces; amonitoring of thermal energy generated by the hardware accelerator; anda monitoring of power used by the hardware accelerator.

Example 3 includes the subject matter of Example 1, the security brokerfurther configured to: upon determining the instruction is validated,forward the instruction to the privileged component.

Example 4 includes the subject matter of Example 1, the security brokerfurther configured to, responsive to determining the instruction is notvalidated, perform one or more of: restore the apparatus to a last knowngood state by resetting the hardware accelerator; create an entry in asystem log describing the instruction; generate and transmit anotification describing the instruction; trigger an applicationprogramming interface (API) to report the instruction; and cause thehardware accelerator to enter a low power state.

Example 5 includes the subject matter of Example 1, the hardwareaccelerator comprising an FPGA-based accelerator, the FPGA-basedaccelerator disposed on a first die, the security broker implemented asone of: (i) a chiplet, (ii) a second FPGA on a second die, (iii) thesecond FPGA on the first die and decoupled from the FPGA-basedaccelerator, (iv) an application specific integrated circuit (ASIC)separate from the FPGA-based accelerator, (v) a part of a baseboardmanagement controller (BMC).

Example 6 includes the subject matter of Example 1, the privilegedcomponent comprising one or more of: (i) a processor, (ii) a memory,(iii) a storage device, (iv) a network interface, (v) a data, (vi) agraphics processor, and (vii) a Peripheral Component InterconnectExpress (PCIe) device.

Example 7 includes the subject matter of Example 1, the interfacescomprising at least a first interface between the privileged componentand the security broker, and a second interface between the securitybroker and the hardware accelerator.

Example 8 includes the subject matter of Example 1, the security brokerfurther configured to: upon determining the hardware accelerator has notresponded to a Peripheral Component Interconnect Express (PCIe) requestfrom the privileged component: generate a response to the PCIe requestfrom the privileged component on behalf of the hardware accelerator; andtransmit the generated response to the privileged component.

Example 9 includes the subject matter of Example 1, the security brokerconfigured to restrict the hardware accelerator from initiatingPeripheral Component Interconnect Express (PCIe) transactions with theprivileged component.

Example 10 includes the subject matter of Example 1, the instructiongenerated based on an untrusted third party accessing the hardwareaccelerator in a cloud computing environment.

Example 11 is a method, comprising: receiving, by a security broker, aninstruction from a hardware accelerator targeting a privileged componentof a computing device, the security broker comprising hardware decoupledfrom the hardware accelerator and providing interfaces between thehardware accelerator and the privileged component; validating, by thesecurity broker, the instruction based on a configuration; and upondetermining the instruction is not validated, restricting, by thesecurity broker, the instruction from further processing by thecomputing device

Example 12 includes the subject matter of Example 11, wherein validatingthe instruction comprises one or more of: a protocol validationoperation performed on the instruction; a network address permissioncheck performed on the instruction; a memory address range permissioncheck performed on the instruction; a monitoring of a bandwidth used bythe hardware accelerator on one of the interfaces; a monitoring ofthermal energy generated by the hardware accelerator; and a monitoringof power used by the hardware accelerator.

Example 13 includes the subject matter of Example 11, furthercomprising: determining, by the security broker, that the instruction isvalidated; and forwarding, by the security broker, the instruction tothe privileged component.

Example 14 includes the subject matter of Example 11, furthercomprising, responsive to determining the instruction is not validated,performing, by the security broker, one or more of: restoring thecomputing device to a last known good state by resetting the hardwareaccelerator; creating an entry in a system log describing theinstruction; generating and transmitting a notification describing theinstruction; triggering an application programming interface (API) toreport the instruction; and causing the hardware accelerator to enter alow power state.

Example 15 includes the subject matter of Example 11, the hardwareaccelerator comprising an FPGA-based accelerator, the FPGA-basedaccelerator disposed on a first die, the security broker implemented asone of: (i) a chiplet, (ii) a second FPGA on a second die, (iii) thesecond FPGA on the first die and decoupled from the FPGA-basedaccelerator, (iv) an application specific integrated circuit (ASIC)separate from the FPGA-based accelerator, (v) a part of a baseboardmanagement controller (BMC).

Example 16 includes the subject matter of Example 11, the privilegedcomponent comprising one or more of: (i) a processor, (ii) a memory,(iii) a storage device, (iv) a network interface, (v) a data, (vi) agraphics processor, and (vii) a Peripheral Component InterconnectExpress (PCIe) device.

Example 17 includes the subject matter of Example 11, the interfacescomprising at least a first interface between the privileged componentand the security broker and a second interface between the securitybroker and the hardware accelerator.

Example 18 includes the subject matter of Example 11, furthercomprising: upon determining the hardware accelerator has not respondedto a Peripheral Component Interconnect Express (PCIe) request from theprivileged component: generating, by the security broker, a response tothe PCIe request from the privileged component on behalf of the hardwareaccelerator; and transmitting, by the security broker, the generatedresponse to the privileged component.

Example 19 includes the subject matter of Example 11, the securitybroker configured to restrict the hardware accelerator from initiatingPeripheral Component Interconnect Express (PCIe) transactions with theprivileged component.

Example 20 includes the subject matter of Example 11, the instructiongenerated based on an untrusted third party accessing the hardwareaccelerator in a cloud computing environment.

Example 21 is a machine-readable storage medium comprising instructionsthat when executed by a computing device, cause the computing device to:receive, by a security broker, an instruction from a hardwareaccelerator targeting a privileged component of the computing device,the security broker comprising hardware decoupled from the hardwareaccelerator and providing interfaces between the hardware acceleratorand the privileged component; validate, by the security broker, theinstruction based on a configuration; and upon determining theinstruction is not validated, restricting, by the security broker, theinstruction from further processing by the computing device.

Example 22 includes the subject matter of Example 21, the securitybroker configured to validate the instruction by one or more of: aprotocol validation operation performed on the instruction; a networkaddress permission check performed on the instruction; a memory addressrange permission check performed on the instruction; a monitoring of abandwidth used by the FPGA-based accelerator on one of the interfaces; amonitoring of thermal energy generated by the hardware accelerator; anda monitoring of power used by the hardware accelerator.

Example 23 includes the subject matter of Example 21, further comprisinginstructions that when executed by the computing device, cause thecomputing device to: determine, by the security broker, that theinstruction is validated; and forward, by the security broker, theinstruction to the privileged component.

Example 24 includes the subject matter of Example 21, further comprisinginstructions that when executed by the computing device, cause thecomputing device to: perform, by the security broker responsive todetermining the instruction is not validated, one or more of: restoringthe computing device to a last known good state by resetting thehardware accelerator; creating an entry in a system log describing theinstruction; generating and transmitting a notification describing theinstruction; triggering an application programming interface (API) toreport the instruction; and causing the hardware accelerator to enter alow power state.

Example 25 includes the subject matter of Example 21, the hardwareaccelerator comprising an FPGA-based accelerator, the FPGA-basedaccelerator disposed on a first die, the security broker implemented asone of: (i) a chiplet, (ii) a second FPGA on a second die, (iii) thesecond FPGA on the first die and decoupled from the FPGA-basedaccelerator, (iv) an application specific integrated circuit (ASIC)separate from the FPGA-based accelerator, (v) a part of a baseboardmanagement controller (BMC).

Example 26 includes the subject matter of Example 21, the privilegedcomponent comprising one or more of: (i) a processor, (ii) a memory,(iii) a storage device, (iv) a network interface, (v) a data, (vi) agraphics processor, and (vii) a Peripheral Component InterconnectExpress (PCIe) device.

Example 27 includes the subject matter of Example 21, the interfacescomprising at least a first interface between the privileged componentand the security broker and a second interface between the securitybroker and the hardware accelerator.

Example 28 includes the subject matter of Example 21, the securitybroker further configured to: upon determining the hardware acceleratorhas not responded to a Peripheral Component Interconnect Express (PCIe)request from the privileged component: generate a response to the PCIerequest from the privileged component on behalf of the hardwareaccelerator; and transmit the generated response to the privilegedcomponent.

Example 29 includes the subject matter of Example 21, the securitybroker configured to restrict the hardware accelerator from initiatingPeripheral Component Interconnect Express (PCIe) transactions with theprivileged component.

Example 30 includes the subject matter of Example 21, the instructiongenerated based on an untrusted third party accessing the hardwareaccelerator in a cloud computing environment.

Example 31 is an apparatus comprising means for a privileged component;means for a hardware accelerator; means for a security broker, at leasta portion of which is in hardware decoupled from the hardwareaccelerator; means for providing interfaces between the hardwareaccelerator and the privileged component; means for receiving aninstruction from the hardware accelerator targeting the privilegedcomponent; means for validating the instruction based on aconfiguration; and upon determining the instruction is not validated,means for restricting the instruction from further processing.

Example 32 includes the subject matter of Example 31, the means forvalidating the instruction comprising one or more of: means forperforming a protocol validation operation on the instruction; means forperforming a network address permission check on the instruction; meansfor performing a memory address range permission check on theinstruction; means for monitoring a bandwidth used by the hardwareaccelerator on one of the interfaces; means for monitoring thermalenergy generated by the FPGA; and means for monitoring of power used bythe hardware accelerator.

Example 33 includes the subject matter of Example 31, furthercomprising: means for determining that the instruction is validated; andmeans for forwarding the instruction to the privileged component.

Example 34 includes the subject matter of Example 31, furthercomprising, responsive to determining the instruction is not validated,one or more of: means for restoring the computing device to a last knowngood state by resetting the hardware accelerator; means for creating anentry in a system log describing the instruction; means for generatingand transmitting a notification describing the instruction; means fortriggering an application programming interface (API) to report theinstruction; and means for causing the hardware accelerator to enter alow power state.

Example 35 includes the subject matter of one or more of Examples 31-34,the means for the hardware accelerator comprising a FPGA, the means forthe FPGA-based accelerator disposed on a first die, the means for thesecurity broker comprising one or more of: (i) a chiplet, (ii) a secondFPGA on a second die, (iii) the second FPGA on the first die anddecoupled from the FPGA-based accelerator, (iv) an application specificintegrated circuit (ASIC) separate from the FPGA-based accelerator, (v)a part of a baseboard management controller (BMC).

Example 36 includes the subject matter of Example 31, the means forprivileged component comprising one or more of: (i) a processor, (ii) amemory, (iii) a storage device, (iv) a network interface, (v) a data,(vi) a graphics processor, and (vii) a Peripheral Component InterconnectExpress (PCIe) device.

Example 37 includes the subject matter of Example 31, the interfacescomprising at least a first interface between the privileged componentand the security broker and a second interface between the securitybroker and the hardware accelerator.

Example 38 includes the subject matter of Example 31, furthercomprising: means for determining the hardware accelerator has notresponded to a Peripheral Component Interconnect Express (PCIe) requestfrom the privileged component; means for generating a response to thePCIe request from the privileged component on behalf of the hardwareaccelerator; and means for transmitting, by the security broker, thegenerated response to the privileged component.

Example 39 includes the subject matter of Example 31, further comprisingmeans for restricting the hardware accelerator from initiatingPeripheral Component Interconnect Express (PCIe) transactions with theprivileged component.

Example 40 includes the subject matter of Example 31, the instructiongenerated based on an untrusted third party accessing the hardwareaccelerator in a cloud computing environment.

Example 41 includes the subject matter of Examples 1-40, the hardwareaccelerator comprising an FPGA-based accelerator.

The foregoing description of example embodiments has been presented forthe purposes of illustration and description. It is not intended to beexhaustive or to limit the present disclosure to the precise formsdisclosed. Many modifications and variations are possible in light ofthis disclosure. It is intended that the scope of the present disclosurebe limited not by this detailed description, but rather by the claimsappended hereto. Future filed applications claiming priority to thisapplication may claim the disclosed subject matter in a differentmanner, and may generally include any set of one or more limitations asvariously disclosed or otherwise demonstrated herein.

What is claimed is:
 1. An apparatus, comprising circuitry, the circuitryarranged to: receive, from a hardware accelerator, an instructionincluding an indication of a privileged component; determine whether theinstruction is invalid; and apply a restriction to the instruction basedon a determination that the instruction is invalid.
 2. The apparatus ofclaim 1, the circuitry to determine whether the instruction is invalidbased on at least one of: a protocol validation operation; a networkaddress permission check; a memory address range permission check; anamount of bandwidth used by the hardware accelerator; an amount ofthermal energy generated by the hardware accelerator; or an amount ofpower used by the hardware accelerator.
 3. The apparatus of claim 1, thecircuitry to forward the instruction to the privileged component basedon a determination that the instruction is valid.
 4. The apparatus ofclaim 1, the circuitry to, at least one of the following: send a controlsignal to the hardware accelerator to cause the hardware accelerator toreset based on a determination that the instruction is invalid; createan entry in a system log based on a determination that the instructionis invalid, the entry comprising an indication of the instruction;generate and transmit a notification based on a determination that theinstruction is invalid, the notification comprising an indication of theinstruction; report the instruction via an application programminginterface (API) based on a determination that the instruction isinvalid; or send a control signal to the hardware accelerator to causethe hardware accelerator to enter a low power state based on adetermination that the instruction is invalid.
 5. The apparatus of claim1, the circuitry comprising a first interface to couple to the and theprivileged component and a second interface to couple to the hardwareaccelerator.
 6. The apparatus of claim 1, the circuitry to: determinewhether the hardware accelerator has responded to a Peripheral ComponentInterconnect Express (PCIe) request from the privileged component;generate a response to the PCIe request from the privileged component onbehalf of the hardware accelerator based on a determination that thehardware accelerator has not responded to the PCIe request from theprivileged component; and transmit the response to the privilegedcomponent.
 7. The apparatus of claim 1, circuitry to restrict thehardware accelerator from initiating Peripheral Component InterconnectExpress (PCIe) transactions with the privileged component.
 8. Theapparatus of claim 1, wherein the instruction is associated with anuntrusted third party accessing the hardware accelerator in a cloudcomputing environment.
 9. At least one non-transitory computer-readablemedium, comprising instructions that when executed by a security brokercoupled to a hardware accelerator and a privileged component, cause thesecurity broker to: determine whether an instruction received from thehardware accelerator is invalid, the instruction comprising anindication of the privileged component; and apply a restriction to theinstruction based on a determination that the instruction is invalid.10. The at least one non-transitory computer-readable medium of claim 9,the instructions, when executed further cause the security broker todetermine whether the instruction is invalid based on at least one of: aprotocol validation operation; a network address permission check; amemory address range permission check; an amount of bandwidth used bythe hardware accelerator; an amount of thermal energy generated by thehardware accelerator; or an amount of power used by the hardwareaccelerator.
 11. The at least one non-transitory computer-readablemedium of claim 9, the instructions, when executed further cause thesecurity broker to forward the instruction to the privileged componentbased on a determination that the instruction is valid.
 12. The at leastone non-transitory computer-readable medium of claim 9, theinstructions, when executed further cause the security broker to: send acontrol signal to the hardware accelerator to cause the hardwareaccelerator to reset based on a determination that the instruction isinvalid; create an entry in a system log based on a determination thatthe instruction is invalid, the entry comprising an indication of theinstruction; generate and transmit a notification based on adetermination that the instruction is invalid, the notificationcomprising an indication of the instruction; report the instruction viaan application programming interface (API) based on a determination thatthe instruction is invalid; or send a control signal to the hardwareaccelerator to cause the hardware accelerator to enter a low power statebased on a determination that the instruction is invalid.
 13. The atleast one non-transitory computer-readable medium of claim 9, theinstructions, when executed further cause the security broker to:determine whether the hardware accelerator has responded to a PeripheralComponent Interconnect Express (PCIe) request from the privilegedcomponent; generate a response to the PCIe request from the privilegedcomponent on behalf of the hardware accelerator based on a determinationthat the hardware accelerator has not responded to the PCIe request fromthe privileged component; and transmit the response to the privilegedcomponent.
 14. The at least one non-transitory computer-readable mediumof claim 9, the instructions, when executed further cause the securitybroker to restrict the hardware accelerator from initiating PeripheralComponent Interconnect Express (PCIe) transactions with the privilegedcomponent.
 15. A system, comprising: a hardware accelerator; andcircuitry coupled to the hardware accelerator, the circuitry to:determine whether an instruction received from the hardware acceleratoris invalid, the instruction comprising an indication of a privilegedcomponent; and apply a restriction to the instruction based on adetermination that the instruction is invalid.
 16. The system of claim15, the circuitry to determine whether the instruction is invalid basedon at least one of: a protocol validation operation; a network addresspermission check; a memory address range permission check; an amount ofbandwidth used by the hardware accelerator; an amount of thermal energygenerated by the hardware accelerator; or an amount of power used by thehardware accelerator.
 17. The system of claim 15, the circuitry toforward the instruction to the privileged component based on adetermination that the instruction is valid.
 18. The system of claim 15,the circuitry to, at least one of the following: send a control signalto the hardware accelerator to cause the hardware accelerator to resetbased on a determination that the instruction is invalid; create anentry in a system log based on a determination that the instruction isinvalid, the entry comprising an indication of the instruction; generateand transmit a notification based on a determination that theinstruction is invalid, the notification comprising an indication of theinstruction; report the instruction via an application programminginterface (API) based on a determination that the instruction isinvalid; or send a control signal to the hardware accelerator to causethe hardware accelerator to enter a low power state based on adetermination that the instruction is invalid.
 19. The system of claim15, comprising an interface to couple to the privileged component. 20.The system of claim 1, the circuitry to: determine whether the hardwareaccelerator has responded to a Peripheral Component Interconnect Express(PCIe) request from the privileged component; generate a response to thePCIe request from the privileged component on behalf of the hardwareaccelerator based on a determination that the hardware accelerator hasnot responded to the PCIe request from the privileged component; andtransmit the response to the privileged component.
 21. The system ofclaim 1, the hardware accelerator comprising an FPGA-based accelerator,the FPGA-based accelerator disposed on a first die, the circuitryimplemented as one of: a chiplet, a second FPGA on a second die, thesecond FPGA on the first die and decoupled from the FPGA-basedaccelerator, an application specific integrated circuit (ASIC) separatefrom the FPGA-based accelerator, or a baseboard management controller(BMC).
 22. A system, comprising: a privileged component; and circuitrycoupled to the privileged component, the circuitry to: determine whetheran instruction received from a hardware accelerator is invalid, theinstruction comprising an indication of the privileged component; andapply a restriction to the instruction based on a determination that theinstruction is invalid.
 23. The system of claim 22, the circuitry toforward the instruction to the privileged component based on adetermination that the instruction is valid.
 24. The system of claim 22,the circuitry to, at least one of the following: send a control signalto the hardware accelerator to cause the hardware accelerator to resetbased on a determination that the instruction is invalid; create anentry in a system log based on a determination that the instruction isinvalid, the entry comprising an indication of the instruction; generateand transmit a notification based on a determination that theinstruction is invalid, the notification comprising an indication of theinstruction; report the instruction via an application programminginterface (API) based on a determination that the instruction isinvalid; or send a control signal to the hardware accelerator to causethe hardware accelerator to enter a low power state based on adetermination that the instruction is invalid.
 25. The system of claim22, the privileged component comprising one or more of: a processor,memory, a network interface, a graphics processor, or a PeripheralComponent Interconnect Express (PCIe) device.